Label Administration

Several aspects of how labels appear to users can be configured, including
label color and the labels on printed output. Some actions on
labels require an authorization or a privilege. For example, upgrading or downgrading
an object's label requires an authorization. Translating a label between
its internal and its textual representation can require a privilege.

Label Visibility

Typically, the content of files at a lower label can be read by a user
at a higher label. For example, system files and commonly available executables
are assigned an ADMIN_LOW label. According to the read
down-read equal rule, users who work at any label can read ADMIN_LOW files.
As in Oracle Solaris, DAC permissions can prevent read access. Zones also protect
files from being read. If a lower-level zone is not mounted, a user in a higher-level
zone cannot access the files for reading.

Files that contain data that must not be viewed by regular users, such
as system log files and the label_encodings files, are
maintained at ADMIN_HIGH. To allow administrators access
to protected system files, the ADMIN_LOW and ADMIN_HIGH administrative labels are assigned as the minimum label and clearance
for roles.

Labels on Printed Output

The labels that are printed on banner, trailer and body pages of print
jobs can be customized. Also, accompanying text that appears on the banner
and trailer pages can be customized. For more information, see Labeling Printer Output.

Authorizations for Relabeling Information

The authorization to upgrade information to a label that dominates the
label of the current information is called the Upgrade File Label authorization.
The authorization that is used to downgrade information to a label that is
lower than the label of the current information is called the Downgrade
File Label authorization. For definitions of these authorizations,
use the getent auth_attr command.

Privileges for Translating Labels

Label translation occurs whenever programs manipulate labels. Labels
are translated between textual strings and the internal representation.
For example, when a program such as getlabel obtains the
label of a file, before the label can be displayed to the user, the internal
representation of the label is translated into readable output, that is, into
a textual string. When the setlabel program sets a label
specified on the command line, the textual string (that is, the label's name)
is translated into the label's internal representation. Trusted Extensions permits
label translations only if the calling process's label dominates the label
that is to be translated. If a process attempts to translate a label that
the process's label does not dominate, the translation is disallowed. The sys_trans_label privilege is required to override this restriction.
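
The dominance check behind both the read down-read equal rule and the translation restriction can be modeled as follows. This is an added example, not Trusted Extensions source code: the mlabel structure, the sample labels PUBLIC, CONF_ENG and CONF_HR, and the has_sys_trans_label flag are assumptions made for illustration, and the administrative labels are modeled simply as the lowest and highest points of the label lattice.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model of a sensitivity label: a hierarchical classification
 * plus a set of compartments. Not the Trusted Extensions internal format. */
typedef struct {
    uint16_t cls;    /* hierarchical level, higher is more sensitive */
    uint32_t comps;  /* compartment bit set */
} mlabel;

/* Constructed sample labels (hypothetical names and values). */
static const mlabel ADMIN_LOW  = { 0,      0x00000000u };
static const mlabel ADMIN_HIGH = { 0x7fff, 0xffffffffu };
static const mlabel PUBLIC     = { 1,      0x00000000u };
static const mlabel CONF_ENG   = { 4,      0x00000001u }; /* compartment ENG */
static const mlabel CONF_HR    = { 4,      0x00000002u }; /* compartment HR  */

/* a dominates b when a's classification is at least b's and a's
 * compartments include every compartment of b. Two labels with different
 * compartments can be incomparable: neither dominates the other. */
bool dominates(mlabel a, mlabel b)
{
    return a.cls >= b.cls && (a.comps & b.comps) == b.comps;
}

/* Translation gate: allowed when the process label dominates the label
 * being translated, or when the process holds the override privilege
 * (has_sys_trans_label stands in for sys_trans_label). */
bool may_translate(mlabel proc, mlabel target, bool has_sys_trans_label)
{
    return has_sys_trans_label || dominates(proc, target);
}

int main(void)
{
    printf("any label reads ADMIN_LOW:      %d\n", dominates(PUBLIC, ADMIN_LOW));
    printf("CONF_ENG translates PUBLIC:     %d\n",
           may_translate(CONF_ENG, PUBLIC, false));
    printf("CONF_ENG translates CONF_HR:    %d\n",
           may_translate(CONF_ENG, CONF_HR, false));
    printf("PUBLIC translates ADMIN_HIGH:   %d\n",
           may_translate(PUBLIC, ADMIN_HIGH, false));
    printf("same, with sys_trans_label:     %d\n",
           may_translate(PUBLIC, ADMIN_HIGH, true));
    return 0;
}
```

The CONF_ENG and CONF_HR case shows that equal classification is not enough: a process at one compartment cannot translate a label in another compartment without the privilege.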